From: Philippe Antoine Date: Mon, 28 Apr 2025 13:27:00 +0000 (+0200) Subject: detect/single-buf: helper with more explicit direction X-Git-Tag: suricata-8.0.0-rc1~405 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F13106%2Fhead;p=thirdparty%2Fsuricata.git detect/single-buf: helper with more explicit direction --- diff --git a/examples/plugins/altemplate/src/detect.rs b/examples/plugins/altemplate/src/detect.rs index 59b54742ab..47c276adcb 100644 --- a/examples/plugins/altemplate/src/detect.rs +++ b/examples/plugins/altemplate/src/detect.rs @@ -27,6 +27,7 @@ use suricata::detect::{ helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, DetectHelperGetData, DetectSignatureSetAppProto, SigTableElmtStickyBuffer, }; +use suricata::core::{STREAM_TOCLIENT, STREAM_TOSERVER}; use suricata::direction::Direction; use suricata_sys::sys::{DetectEngineCtx, SCDetectBufferSetActiveList, Signature}; @@ -93,8 +94,7 @@ pub(super) unsafe extern "C" fn detect_template_register() { b"altemplate.buffer\0".as_ptr() as *const libc::c_char, b"template.buffer intern description\0".as_ptr() as *const libc::c_char, ALPROTO_TEMPLATE, - true, //toclient - true, //toserver + STREAM_TOSERVER | STREAM_TOCLIENT, template_buffer_get, ); } diff --git a/rust/src/applayertemplate/detect.rs b/rust/src/applayertemplate/detect.rs index 93d1f3da9f..31d0d473de 100644 --- a/rust/src/applayertemplate/detect.rs +++ b/rust/src/applayertemplate/detect.rs @@ -19,6 +19,7 @@ use super::template::{TemplateTransaction, ALPROTO_TEMPLATE}; /* TEMPLATE_START_REMOVE */ use crate::conf::conf_get_node; /* TEMPLATE_END_REMOVE */ +use crate::core::{STREAM_TOCLIENT, STREAM_TOSERVER}; use crate::detect::{ helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, DetectHelperGetData, DetectSignatureSetAppProto, SigTableElmtStickyBuffer, 
@@ -96,8 +97,7 @@ pub unsafe extern "C" fn SCDetectTemplateRegister() { b"template.buffer\0".as_ptr() as *const libc::c_char, b"template.buffer intern description\0".as_ptr() as *const libc::c_char, ALPROTO_TEMPLATE, - true, //toclient - true, //toserver + STREAM_TOSERVER | STREAM_TOCLIENT, template_buffer_get, ); } diff --git a/rust/src/detect/mod.rs b/rust/src/detect/mod.rs index ff94b08e48..fd289dbc01 100644 --- a/rust/src/detect/mod.rs +++ b/rust/src/detect/mod.rs @@ -159,8 +159,7 @@ extern "C" { get_buf: unsafe extern "C" fn(*const c_void, u8, *mut *const u8, *mut u32) -> bool, ) -> *mut c_void; pub fn DetectHelperBufferMpmRegister( - name: *const libc::c_char, desc: *const libc::c_char, alproto: AppProto, toclient: bool, - toserver: bool, + name: *const libc::c_char, desc: *const libc::c_char, alproto: AppProto, dir: u8, get_data: unsafe extern "C" fn( *mut c_void, *const c_void, @@ -173,7 +172,7 @@ extern "C" { pub fn DetectHelperKeywordRegister(kw: *const SCSigTableAppLiteElmt) -> c_int; pub fn DetectHelperKeywordAliasRegister(kwid: c_int, alias: *const c_char); pub fn DetectHelperBufferRegister( - name: *const libc::c_char, alproto: AppProto, toclient: bool, toserver: bool, + name: *const libc::c_char, alproto: AppProto, dir: u8, ) -> c_int; pub fn DetectSignatureSetAppProto(s: *mut Signature, alproto: AppProto) -> c_int; pub fn SigMatchAppendSMToList( diff --git a/rust/src/dhcp/detect.rs b/rust/src/dhcp/detect.rs index 6ac302baf2..f29a5a6b1a 100644 --- a/rust/src/dhcp/detect.rs +++ b/rust/src/dhcp/detect.rs 
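Review bot: The new `dir: u8` parameter on `DetectHelperBufferMpmRegister` and `DetectHelperBufferRegister` in rust/src/detect/mod.rs has no comment saying which values are valid, and its name differs from `direction` in the C prototype. A raw `u8` accepts any flag value, while the C helpers in src/detect-engine-helper.c test only the `STREAM_TOSERVER` and `STREAM_TOCLIENT` bits, so a value with neither bit set registers no inspect engine. I would add `/// dir: bitmask of STREAM_TOSERVER and/or STREAM_TOCLIENT (crate::core)` above each declaration and rename the parameter to `direction` to match the header. The extern block starts and ends outside these hunks.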
@@ -20,9 +20,8 @@ use super::dhcp::{ DHCP_OPT_RENEWAL_TIME, }; use super::parser::DHCPOptionWrapper; -use crate::detect::uint::{ - SCDetectU64Free, SCDetectU64Match, SCDetectU64Parse, DetectUintData, -}; +use crate::core::{STREAM_TOCLIENT, STREAM_TOSERVER}; +use crate::detect::uint::{DetectUintData, SCDetectU64Free, SCDetectU64Match, SCDetectU64Parse}; use crate::detect::{ DetectHelperBufferRegister, DetectHelperKeywordRegister, DetectSignatureSetAppProto, SCSigTableAppLiteElmt, SigMatchAppendSMToList, @@ -180,8 +179,7 @@ pub unsafe extern "C" fn SCDetectDHCPRegister() { G_DHCP_LEASE_TIME_BUFFER_ID = DetectHelperBufferRegister( b"dhcp.leasetime\0".as_ptr() as *const libc::c_char, ALPROTO_DHCP, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, ); let kw = SCSigTableAppLiteElmt { name: b"dhcp.rebinding_time\0".as_ptr() as *const libc::c_char, @@ -196,8 +194,7 @@ pub unsafe extern "C" fn SCDetectDHCPRegister() { G_DHCP_REBINDING_TIME_BUFFER_ID = DetectHelperBufferRegister( b"dhcp.rebinding-time\0".as_ptr() as *const libc::c_char, ALPROTO_DHCP, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, ); let kw = SCSigTableAppLiteElmt { name: b"dhcp.renewal_time\0".as_ptr() as *const libc::c_char, @@ -212,7 +209,6 @@ pub unsafe extern "C" fn SCDetectDHCPRegister() { G_DHCP_RENEWAL_TIME_BUFFER_ID = DetectHelperBufferRegister( b"dhcp.renewal-time\0".as_ptr() as *const libc::c_char, ALPROTO_DHCP, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, ); } diff --git a/rust/src/dns/detect.rs b/rust/src/dns/detect.rs index 2136bbdf58..5d58c84d18 100644 --- a/rust/src/dns/detect.rs +++ b/rust/src/dns/detect.rs @@ -353,8 +353,7 @@ pub unsafe extern "C" fn SCDetectDNSRegister() { G_DNS_OPCODE_BUFFER_ID = DetectHelperBufferRegister( b"dns.opcode\0".as_ptr() as *const libc::c_char, ALPROTO_DNS, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, ); let kw = SigTableElmtStickyBuffer { name: String::from("dns.query.name"), 
@@ -386,8 +385,7 @@ pub unsafe extern "C" fn SCDetectDNSRegister() { G_DNS_RCODE_BUFFER_ID = DetectHelperBufferRegister( b"dns.rcode\0".as_ptr() as *const libc::c_char, ALPROTO_DNS, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, ); let kw = SCSigTableAppLiteElmt { name: b"dns.rrtype\0".as_ptr() as *const libc::c_char, @@ -402,8 +400,7 @@ pub unsafe extern "C" fn SCDetectDNSRegister() { G_DNS_RRTYPE_BUFFER_ID = DetectHelperBufferRegister( b"dns.rrtype\0".as_ptr() as *const libc::c_char, ALPROTO_DNS, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, ); let kw = SigTableElmtStickyBuffer { name: String::from("dns.query"), diff --git a/rust/src/enip/detect.rs b/rust/src/enip/detect.rs index 4ed80d4409..58033ce6e1 100644 --- a/rust/src/enip/detect.rs +++ b/rust/src/enip/detect.rs @@ -29,6 +29,7 @@ use super::parser::{ CIP_MULTIPLE_SERVICE, }; +use crate::core::{STREAM_TOCLIENT, STREAM_TOSERVER}; use crate::detect::uint::{ detect_match_uint, detect_parse_uint_enum, DetectUintData, SCDetectU16Free, SCDetectU16Match, SCDetectU16Parse, SCDetectU32Free, SCDetectU32Match, SCDetectU32Parse, SCDetectU8Free, @@ -1347,8 +1348,7 @@ pub unsafe extern "C" fn SCDetectEnipRegister() { G_ENIP_CIPSERVICE_BUFFER_ID = DetectHelperBufferRegister( b"cip\0".as_ptr() as *const libc::c_char, ALPROTO_ENIP, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, ); let kw = SCSigTableAppLiteElmt { name: b"enip.capabilities\0".as_ptr() as *const libc::c_char, @@ -1363,8 +1363,7 @@ pub unsafe extern "C" fn SCDetectEnipRegister() { G_ENIP_CAPABILITIES_BUFFER_ID = DetectHelperBufferRegister( b"enip.capabilities\0".as_ptr() as *const libc::c_char, ALPROTO_ENIP, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, ); let kw = SCSigTableAppLiteElmt { name: b"enip.cip_attribute\0".as_ptr() as *const libc::c_char, 
@@ -1379,8 +1378,7 @@ pub unsafe extern "C" fn SCDetectEnipRegister() { G_ENIP_CIP_ATTRIBUTE_BUFFER_ID = DetectHelperBufferRegister( b"enip.cip_attribute\0".as_ptr() as *const libc::c_char, ALPROTO_ENIP, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, ); let kw = SCSigTableAppLiteElmt { name: b"enip.cip_class\0".as_ptr() as *const libc::c_char, @@ -1395,8 +1393,7 @@ pub unsafe extern "C" fn SCDetectEnipRegister() { G_ENIP_CIP_CLASS_BUFFER_ID = DetectHelperBufferRegister( b"enip.cip_class\0".as_ptr() as *const libc::c_char, ALPROTO_ENIP, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, ); let kw = SCSigTableAppLiteElmt { name: b"enip.vendor_id\0".as_ptr() as *const libc::c_char, @@ -1411,8 +1408,7 @@ pub unsafe extern "C" fn SCDetectEnipRegister() { G_ENIP_VENDOR_ID_BUFFER_ID = DetectHelperBufferRegister( b"enip.vendor_id\0".as_ptr() as *const libc::c_char, ALPROTO_ENIP, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, ); let kw = SCSigTableAppLiteElmt { name: b"enip.status\0".as_ptr() as *const libc::c_char, @@ -1427,8 +1423,7 @@ pub unsafe extern "C" fn SCDetectEnipRegister() { G_ENIP_STATUS_BUFFER_ID = DetectHelperBufferRegister( b"enip.status\0".as_ptr() as *const libc::c_char, ALPROTO_ENIP, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, ); let kw = SCSigTableAppLiteElmt { name: b"enip.state\0".as_ptr() as *const libc::c_char, @@ -1443,8 +1438,7 @@ pub unsafe extern "C" fn SCDetectEnipRegister() { G_ENIP_STATE_BUFFER_ID = DetectHelperBufferRegister( b"enip.state\0".as_ptr() as *const libc::c_char, ALPROTO_ENIP, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, ); let kw = SCSigTableAppLiteElmt { name: b"enip.serial\0".as_ptr() as *const libc::c_char, 
@@ -1459,8 +1453,7 @@ pub unsafe extern "C" fn SCDetectEnipRegister() { G_ENIP_SERIAL_BUFFER_ID = DetectHelperBufferRegister( b"enip.serial\0".as_ptr() as *const libc::c_char, ALPROTO_ENIP, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, ); let kw = SCSigTableAppLiteElmt { name: b"enip.revision\0".as_ptr() as *const libc::c_char, @@ -1475,8 +1468,7 @@ pub unsafe extern "C" fn SCDetectEnipRegister() { G_ENIP_REVISION_BUFFER_ID = DetectHelperBufferRegister( b"enip.revision\0".as_ptr() as *const libc::c_char, ALPROTO_ENIP, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, ); let kw = SCSigTableAppLiteElmt { name: b"enip.protocol_version\0".as_ptr() as *const libc::c_char, @@ -1491,8 +1483,7 @@ pub unsafe extern "C" fn SCDetectEnipRegister() { G_ENIP_PROTOCOL_VERSION_BUFFER_ID = DetectHelperBufferRegister( b"enip.protocol_version\0".as_ptr() as *const libc::c_char, ALPROTO_ENIP, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, ); let kw = SCSigTableAppLiteElmt { name: b"enip.product_code\0".as_ptr() as *const libc::c_char, @@ -1507,8 +1498,7 @@ pub unsafe extern "C" fn SCDetectEnipRegister() { G_ENIP_PRODUCT_CODE_BUFFER_ID = DetectHelperBufferRegister( b"enip.product_code\0".as_ptr() as *const libc::c_char, ALPROTO_ENIP, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, ); let kw = SCSigTableAppLiteElmt { name: b"enip_command\0".as_ptr() as *const libc::c_char, @@ -1523,8 +1513,7 @@ pub unsafe extern "C" fn SCDetectEnipRegister() { G_ENIP_COMMAND_BUFFER_ID = DetectHelperBufferRegister( b"enip.command\0".as_ptr() as *const libc::c_char, ALPROTO_ENIP, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, ); let kw = SCSigTableAppLiteElmt { name: b"enip.identity_status\0".as_ptr() as *const libc::c_char, 
@@ -1539,8 +1528,7 @@ pub unsafe extern "C" fn SCDetectEnipRegister() { G_ENIP_IDENTITY_STATUS_BUFFER_ID = DetectHelperBufferRegister( b"enip.identity_status\0".as_ptr() as *const libc::c_char, ALPROTO_ENIP, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, ); let kw = SCSigTableAppLiteElmt { name: b"enip.device_type\0".as_ptr() as *const libc::c_char, @@ -1555,8 +1543,7 @@ pub unsafe extern "C" fn SCDetectEnipRegister() { G_ENIP_DEVICE_TYPE_BUFFER_ID = DetectHelperBufferRegister( b"enip.device_type\0".as_ptr() as *const libc::c_char, ALPROTO_ENIP, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, ); let kw = SCSigTableAppLiteElmt { name: b"enip.cip_status\0".as_ptr() as *const libc::c_char, @@ -1571,8 +1558,7 @@ pub unsafe extern "C" fn SCDetectEnipRegister() { G_ENIP_CIP_STATUS_BUFFER_ID = DetectHelperBufferRegister( b"enip.cip_status\0".as_ptr() as *const libc::c_char, ALPROTO_ENIP, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, ); let kw = SCSigTableAppLiteElmt { name: b"enip.cip_instance\0".as_ptr() as *const libc::c_char, @@ -1587,8 +1573,7 @@ pub unsafe extern "C" fn SCDetectEnipRegister() { G_ENIP_CIP_INSTANCE_BUFFER_ID = DetectHelperBufferRegister( b"enip.cip_instance\0".as_ptr() as *const libc::c_char, ALPROTO_ENIP, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, ); let kw = SCSigTableAppLiteElmt { name: b"enip.cip_extendedstatus\0".as_ptr() as *const libc::c_char, @@ -1604,8 +1589,7 @@ pub unsafe extern "C" fn SCDetectEnipRegister() { G_ENIP_CIP_EXTENDEDSTATUS_BUFFER_ID = DetectHelperBufferRegister( b"enip.cip_extendedstatus\0".as_ptr() as *const libc::c_char, ALPROTO_ENIP, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, ); let kw = SigTableElmtStickyBuffer { name: String::from("enip.product_name"), 
@@ -1618,8 +1602,7 @@ pub unsafe extern "C" fn SCDetectEnipRegister() { b"enip.product_name\0".as_ptr() as *const libc::c_char, b"ENIP product name\0".as_ptr() as *const libc::c_char, ALPROTO_ENIP, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, product_name_get_data, ); let kw = SigTableElmtStickyBuffer { @@ -1633,8 +1616,7 @@ pub unsafe extern "C" fn SCDetectEnipRegister() { b"enip.service_name\0".as_ptr() as *const libc::c_char, b"ENIP service name\0".as_ptr() as *const libc::c_char, ALPROTO_ENIP, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, service_name_get_data, ); } diff --git a/rust/src/ldap/detect.rs b/rust/src/ldap/detect.rs index a8c0dfe6c3..8959500b86 100644 --- a/rust/src/ldap/detect.rs +++ b/rust/src/ldap/detect.rs @@ -646,8 +646,7 @@ pub unsafe extern "C" fn SCDetectLdapRegister() { G_LDAP_REQUEST_OPERATION_BUFFER_ID = DetectHelperBufferRegister( b"ldap.request.operation\0".as_ptr() as *const libc::c_char, ALPROTO_LDAP, - false, //to client - true, //to server + STREAM_TOSERVER, ); let kw = SCSigTableAppLiteElmt { name: b"ldap.responses.operation\0".as_ptr() as *const libc::c_char, @@ -663,8 +662,7 @@ pub unsafe extern "C" fn SCDetectLdapRegister() { G_LDAP_RESPONSES_OPERATION_BUFFER_ID = DetectHelperBufferRegister( b"ldap.responses.operation\0".as_ptr() as *const libc::c_char, ALPROTO_LDAP, - true, //to client - false, //to server + STREAM_TOCLIENT, ); let kw = SCSigTableAppLiteElmt { name: b"ldap.responses.count\0".as_ptr() as *const libc::c_char, @@ -679,8 +677,7 @@ pub unsafe extern "C" fn SCDetectLdapRegister() { G_LDAP_RESPONSES_COUNT_BUFFER_ID = DetectHelperBufferRegister( b"ldap.responses.count\0".as_ptr() as *const libc::c_char, ALPROTO_LDAP, - true, //to client - false, //to server + STREAM_TOCLIENT, ); let kw = SigTableElmtStickyBuffer { name: String::from("ldap.request.dn"), 
@@ -693,8 +690,7 @@ pub unsafe extern "C" fn SCDetectLdapRegister() { b"ldap.request.dn\0".as_ptr() as *const libc::c_char, b"LDAP REQUEST DISTINGUISHED_NAME\0".as_ptr() as *const libc::c_char, ALPROTO_LDAP, - false, //to client - true, //to server + STREAM_TOSERVER, ldap_detect_request_dn_get_data, ); let kw = SigTableElmtStickyBuffer { @@ -725,8 +721,7 @@ pub unsafe extern "C" fn SCDetectLdapRegister() { G_LDAP_RESPONSES_RESULT_CODE_BUFFER_ID = DetectHelperBufferRegister( b"ldap.responses.result_code\0".as_ptr() as *const libc::c_char, ALPROTO_LDAP, - true, //to client - false, //to server + STREAM_TOCLIENT, ); let kw = SigTableElmtStickyBuffer { name: String::from("ldap.responses.message"), diff --git a/rust/src/mqtt/detect.rs b/rust/src/mqtt/detect.rs index 0359fc51d5..9ff214bb75 100644 --- a/rust/src/mqtt/detect.rs +++ b/rust/src/mqtt/detect.rs @@ -17,7 +17,7 @@ // written by Sascha Steinbiss -use crate::core::{DetectEngineThreadCtx, STREAM_TOSERVER}; +use crate::core::{DetectEngineThreadCtx, STREAM_TOCLIENT, STREAM_TOSERVER}; use crate::detect::uint::{ detect_match_uint, detect_parse_uint, detect_parse_uint_enum, DetectUintData, DetectUintMode, SCDetectU8Free, SCDetectU8Parse, @@ -1108,8 +1108,7 @@ pub unsafe extern "C" fn SCDetectMqttRegister() { G_MQTT_TYPE_BUFFER_ID = DetectHelperBufferRegister( b"mqtt.type\0".as_ptr() as *const libc::c_char, ALPROTO_MQTT, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, ); let keyword_name = b"mqtt.subscribe.topic\0".as_ptr() as *const libc::c_char; @@ -1149,8 +1148,7 @@ pub unsafe extern "C" fn SCDetectMqttRegister() { G_MQTT_REASON_CODE_BUFFER_ID = DetectHelperBufferRegister( b"mqtt.reason_code\0".as_ptr() as *const libc::c_char, ALPROTO_MQTT, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, ); let kw = SCSigTableAppLiteElmt { name: b"mqtt.connack.session_present\0".as_ptr() as *const libc::c_char, 
@@ -1166,8 +1164,7 @@ pub unsafe extern "C" fn SCDetectMqttRegister() { G_MQTT_CONNACK_SESSIONPRESENT_BUFFER_ID = DetectHelperBufferRegister( b"mqtt.connack.session_present\0".as_ptr() as *const libc::c_char, ALPROTO_MQTT, - true, - false, // only to client + STREAM_TOCLIENT, ); let kw = SCSigTableAppLiteElmt { name: b"mqtt.qos\0".as_ptr() as *const libc::c_char, @@ -1183,8 +1180,7 @@ pub unsafe extern "C" fn SCDetectMqttRegister() { G_MQTT_QOS_BUFFER_ID = DetectHelperBufferRegister( b"mqtt.qos\0".as_ptr() as *const libc::c_char, ALPROTO_MQTT, - false, // only to server - true, + STREAM_TOSERVER, ); let kw = SigTableElmtStickyBuffer { name: String::from("mqtt.publish.topic"), @@ -1197,8 +1193,7 @@ pub unsafe extern "C" fn SCDetectMqttRegister() { b"mqtt.publish.topic\0".as_ptr() as *const libc::c_char, b"MQTT PUBLISH topic\0".as_ptr() as *const libc::c_char, ALPROTO_MQTT, - true, // PUBLISH goes both ways - true, + STREAM_TOSERVER | STREAM_TOCLIENT, mqtt_pub_topic_get_data, ); let kw = SigTableElmtStickyBuffer { @@ -1212,8 +1207,7 @@ pub unsafe extern "C" fn SCDetectMqttRegister() { b"mqtt.publish.message\0".as_ptr() as *const libc::c_char, b"MQTT PUBLISH message\0".as_ptr() as *const libc::c_char, ALPROTO_MQTT, - true, // PUBLISH goes both ways - true, + STREAM_TOSERVER | STREAM_TOCLIENT, mqtt_pub_msg_get_data, ); let kw = SCSigTableAppLiteElmt { @@ -1229,8 +1223,7 @@ pub unsafe extern "C" fn SCDetectMqttRegister() { G_MQTT_PROTOCOL_VERSION_BUFFER_ID = DetectHelperBufferRegister( b"mqtt.protocol_version\0".as_ptr() as *const libc::c_char, ALPROTO_MQTT, - false, // only to server - true, + STREAM_TOSERVER, ); let kw = SCSigTableAppLiteElmt { name: b"mqtt.flags\0".as_ptr() as *const libc::c_char, 
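Review bot: The inline comments removed from the MQTT registrations carried rationale that the flag names alone do not, for example `// PUBLISH goes both ways` on `mqtt.publish.topic` and `mqtt.publish.message`. I would keep that one as a comment above the `STREAM_TOSERVER | STREAM_TOCLIENT` line. It also raises a question: `mqtt.qos` here and `mqtt.flags` in the next hunk stay `STREAM_TOSERVER` only, which this commit does not change. If those keywords are meant to match PUBLISH fields, the one-direction registration should be confirmed, since a buffer registered for one direction is presumably not inspected on traffic in the other. The body of SCDetectMqttRegister extends beyond these hunks.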
@@ -1245,8 +1238,7 @@ pub unsafe extern "C" fn SCDetectMqttRegister() { G_MQTT_FLAGS_BUFFER_ID = DetectHelperBufferRegister( b"mqtt.flags\0".as_ptr() as *const libc::c_char, ALPROTO_MQTT, - false, // only to server - true, + STREAM_TOSERVER, ); let kw = SCSigTableAppLiteElmt { name: b"mqtt.connect.flags\0".as_ptr() as *const libc::c_char, @@ -1261,8 +1253,7 @@ pub unsafe extern "C" fn SCDetectMqttRegister() { G_MQTT_CONN_FLAGS_BUFFER_ID = DetectHelperBufferRegister( b"mqtt.connect.flags\0".as_ptr() as *const libc::c_char, ALPROTO_MQTT, - false, // only to server - true, + STREAM_TOSERVER, ); let kw = SigTableElmtStickyBuffer { name: String::from("mqtt.connect.willtopic"), @@ -1275,8 +1266,7 @@ pub unsafe extern "C" fn SCDetectMqttRegister() { b"mqtt.connect.willtopic\0".as_ptr() as *const libc::c_char, b"MQTT CONNECT will topic\0".as_ptr() as *const libc::c_char, ALPROTO_MQTT, - false, // only to server - true, + STREAM_TOSERVER, mqtt_conn_willtopic_get_data, ); let kw = SigTableElmtStickyBuffer { @@ -1290,8 +1280,7 @@ pub unsafe extern "C" fn SCDetectMqttRegister() { b"mqtt.connect.willmessage\0".as_ptr() as *const libc::c_char, b"MQTT CONNECT will message\0".as_ptr() as *const libc::c_char, ALPROTO_MQTT, - false, // only to server - true, + STREAM_TOSERVER, mqtt_conn_willmsg_get_data, ); let kw = SigTableElmtStickyBuffer { @@ -1305,8 +1294,7 @@ pub unsafe extern "C" fn SCDetectMqttRegister() { b"mqtt.connect.username\0".as_ptr() as *const libc::c_char, b"MQTT CONNECT username\0".as_ptr() as *const libc::c_char, ALPROTO_MQTT, - false, // only to server - true, + STREAM_TOSERVER, mqtt_conn_username_get_data, ); let kw = SigTableElmtStickyBuffer { 
@@ -1320,8 +1308,7 @@ pub unsafe extern "C" fn SCDetectMqttRegister() { b"mqtt.connect.protocol_string\0".as_ptr() as *const libc::c_char, b"MQTT CONNECT protocol string\0".as_ptr() as *const libc::c_char, ALPROTO_MQTT, - false, // only to server - true, + STREAM_TOSERVER, mqtt_conn_protocolstring_get_data, ); let kw = SigTableElmtStickyBuffer { @@ -1335,8 +1322,7 @@ pub unsafe extern "C" fn SCDetectMqttRegister() { b"mqtt.connect.password\0".as_ptr() as *const libc::c_char, b"MQTT CONNECT password\0".as_ptr() as *const libc::c_char, ALPROTO_MQTT, - false, // only to server - true, + STREAM_TOSERVER, mqtt_conn_password_get_data, ); let kw = SigTableElmtStickyBuffer { @@ -1350,8 +1336,7 @@ pub unsafe extern "C" fn SCDetectMqttRegister() { b"mqtt.connect.clientid\0".as_ptr() as *const libc::c_char, b"MQTT CONNECT clientid\0".as_ptr() as *const libc::c_char, ALPROTO_MQTT, - false, // only to server - true, + STREAM_TOSERVER, mqtt_conn_clientid_get_data, ); } diff --git a/rust/src/rfb/detect.rs b/rust/src/rfb/detect.rs index 4aff66c210..e05e4d8752 100644 --- a/rust/src/rfb/detect.rs +++ b/rust/src/rfb/detect.rs @@ -19,6 +19,7 @@ use super::parser::RFBSecurityResultStatus; use super::rfb::{RFBTransaction, ALPROTO_RFB}; +use crate::core::{STREAM_TOCLIENT, STREAM_TOSERVER}; use crate::detect::uint::{ detect_match_uint, detect_parse_uint_enum, DetectUintData, SCDetectU32Free, SCDetectU32Parse, }; @@ -200,8 +201,7 @@ pub unsafe extern "C" fn SCDetectRfbRegister() { b"rfb.name\0".as_ptr() as *const libc::c_char, b"rfb name\0".as_ptr() as *const libc::c_char, ALPROTO_RFB, - true, //toclient - false, + STREAM_TOCLIENT, rfb_name_get, ); let kw = SCSigTableAppLiteElmt { 
@@ -217,8 +217,7 @@ pub unsafe extern "C" fn SCDetectRfbRegister() { G_RFB_SEC_TYPE_BUFFER_ID = DetectHelperBufferRegister( b"rfb.sectype\0".as_ptr() as *const libc::c_char, ALPROTO_RFB, - false, // only to server - true, + STREAM_TOSERVER, ); let kw = SCSigTableAppLiteElmt { name: b"rfb.secresult\0".as_ptr() as *const libc::c_char, @@ -233,8 +232,7 @@ pub unsafe extern "C" fn SCDetectRfbRegister() { G_RFB_SEC_RESULT_BUFFER_ID = DetectHelperBufferRegister( b"rfb.secresult\0".as_ptr() as *const libc::c_char, ALPROTO_RFB, - true, // only to client - false, + STREAM_TOCLIENT, ); } diff --git a/rust/src/sdp/detect.rs b/rust/src/sdp/detect.rs index 878e479abf..b52e104166 100644 --- a/rust/src/sdp/detect.rs +++ b/rust/src/sdp/detect.rs @@ -781,8 +781,7 @@ pub unsafe extern "C" fn SCDetectSdpRegister() { b"sdp.session_name\0".as_ptr() as *const libc::c_char, b"sdp.session_name\0".as_ptr() as *const libc::c_char, ALPROTO_SIP, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, sdp_session_name_get, ); let kw = SigTableElmtStickyBuffer { @@ -796,8 +795,7 @@ pub unsafe extern "C" fn SCDetectSdpRegister() { b"sdp.session_info\0".as_ptr() as *const libc::c_char, b"sdp.session_info\0".as_ptr() as *const libc::c_char, ALPROTO_SIP, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, sdp_session_info_get, ); let kw = SigTableElmtStickyBuffer { @@ -811,8 +809,7 @@ pub unsafe extern "C" fn SCDetectSdpRegister() { b"sdp.origin\0".as_ptr() as *const libc::c_char, b"sdp.origin\0".as_ptr() as *const libc::c_char, ALPROTO_SIP, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, sdp_origin_get, ); let kw = SigTableElmtStickyBuffer { @@ -826,8 +823,7 @@ pub unsafe extern "C" fn SCDetectSdpRegister() { b"sdp.uri\0".as_ptr() as *const libc::c_char, b"sdp.uri\0".as_ptr() as *const libc::c_char, ALPROTO_SIP, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, sdp_uri_get, ); let kw = SigTableElmtStickyBuffer { 
@@ -841,8 +837,7 @@ pub unsafe extern "C" fn SCDetectSdpRegister() { b"sdp.email\0".as_ptr() as *const libc::c_char, b"sdp.email\0".as_ptr() as *const libc::c_char, ALPROTO_SIP, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, sdp_email_get, ); let kw = SigTableElmtStickyBuffer { @@ -856,8 +851,7 @@ pub unsafe extern "C" fn SCDetectSdpRegister() { b"sdp.phone_number\0".as_ptr() as *const libc::c_char, b"sdp.phone_number\0".as_ptr() as *const libc::c_char, ALPROTO_SIP, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, sdp_phone_number_get, ); let kw = SigTableElmtStickyBuffer { @@ -871,8 +865,7 @@ pub unsafe extern "C" fn SCDetectSdpRegister() { b"sdp.connection_data\0".as_ptr() as *const libc::c_char, b"sdp.connection_data\0".as_ptr() as *const libc::c_char, ALPROTO_SIP, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, sdp_conn_data_get, ); let kw = SigTableElmtStickyBuffer { @@ -928,8 +921,7 @@ pub unsafe extern "C" fn SCDetectSdpRegister() { b"sdp.timezone\0".as_ptr() as *const libc::c_char, b"sdp.timezone\0".as_ptr() as *const libc::c_char, ALPROTO_SIP, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, sdp_timezone_get, ); let kw = SigTableElmtStickyBuffer { @@ -943,8 +935,7 @@ pub unsafe extern "C" fn SCDetectSdpRegister() { b"sdp.encryption_key\0".as_ptr() as *const libc::c_char, b"sdp.encription_key\0".as_ptr() as *const libc::c_char, ALPROTO_SIP, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, sdp_encryption_key_get, ); let kw = SigTableElmtStickyBuffer { diff --git a/rust/src/sip/detect.rs b/rust/src/sip/detect.rs index 7699d7a510..d4f61f9479 100644 --- a/rust/src/sip/detect.rs +++ b/rust/src/sip/detect.rs @@ -501,8 +501,7 @@ pub unsafe extern "C" fn SCDetectSipRegister() { b"sip.protocol\0".as_ptr() as *const libc::c_char, b"sip.protocol\0".as_ptr() as *const libc::c_char, ALPROTO_SIP, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, sip_protocol_get, ); let kw = SigTableElmtStickyBuffer { 
@@ -516,8 +515,7 @@ pub unsafe extern "C" fn SCDetectSipRegister() { b"sip.stat_code\0".as_ptr() as *const libc::c_char, b"sip.stat_code\0".as_ptr() as *const libc::c_char, ALPROTO_SIP, - true, - false, + STREAM_TOCLIENT, sip_stat_code_get, ); let kw = SigTableElmtStickyBuffer { @@ -531,8 +529,7 @@ pub unsafe extern "C" fn SCDetectSipRegister() { b"sip.stat_msg\0".as_ptr() as *const libc::c_char, b"sip.stat_msg\0".as_ptr() as *const libc::c_char, ALPROTO_SIP, - true, - false, + STREAM_TOCLIENT, sip_stat_msg_get, ); let kw = SigTableElmtStickyBuffer { @@ -546,8 +543,7 @@ pub unsafe extern "C" fn SCDetectSipRegister() { b"sip.request_line\0".as_ptr() as *const libc::c_char, b"sip.request_line\0".as_ptr() as *const libc::c_char, ALPROTO_SIP, - false, - true, + STREAM_TOSERVER, sip_request_line_get, ); let kw = SigTableElmtStickyBuffer { @@ -561,8 +557,7 @@ pub unsafe extern "C" fn SCDetectSipRegister() { b"sip.response_line\0".as_ptr() as *const libc::c_char, b"sip.response_line\0".as_ptr() as *const libc::c_char, ALPROTO_SIP, - true, - false, + STREAM_TOCLIENT, sip_response_line_get, ); let kw = SigTableElmtStickyBuffer { diff --git a/rust/src/snmp/detect.rs b/rust/src/snmp/detect.rs index fd5cd548f4..8f0e9bf8b9 100644 --- a/rust/src/snmp/detect.rs +++ b/rust/src/snmp/detect.rs @@ -18,6 +18,7 @@ // written by Pierre Chifflier use super::snmp::{SNMPTransaction, ALPROTO_SNMP}; +use crate::core::{STREAM_TOCLIENT, STREAM_TOSERVER}; use crate::detect::uint::{DetectUintData, SCDetectU32Free, SCDetectU32Match, SCDetectU32Parse}; use crate::detect::{ helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, @@ -197,8 +198,7 @@ pub(super) unsafe extern "C" fn detect_snmp_register() { G_SNMP_VERSION_BUFFER_ID = DetectHelperBufferRegister( b"snmp.version\0".as_ptr() as *const libc::c_char, ALPROTO_SNMP, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, ); let kw = SCSigTableAppLiteElmt { 
@@ -214,8 +214,7 @@ pub(super) unsafe extern "C" fn detect_snmp_register() { G_SNMP_PDUTYPE_BUFFER_ID = DetectHelperBufferRegister( b"snmp.pdu_type\0".as_ptr() as *const libc::c_char, ALPROTO_SNMP, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, ); let kw = SigTableElmtStickyBuffer { @@ -229,8 +228,7 @@ pub(super) unsafe extern "C" fn detect_snmp_register() { b"snmp.usm\0".as_ptr() as *const libc::c_char, b"SNMP USM\0".as_ptr() as *const libc::c_char, ALPROTO_SNMP, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, snmp_detect_usm_get_data, ); @@ -245,8 +243,7 @@ pub(super) unsafe extern "C" fn detect_snmp_register() { b"snmp.community\0".as_ptr() as *const libc::c_char, b"SNMP Community identifier\0".as_ptr() as *const libc::c_char, ALPROTO_SNMP, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, snmp_detect_community_get_data, ); } diff --git a/rust/src/websocket/detect.rs b/rust/src/websocket/detect.rs index 680f520fbb..175970668f 100644 --- a/rust/src/websocket/detect.rs +++ b/rust/src/websocket/detect.rs @@ -16,6 +16,7 @@ */ use super::websocket::{WebSocketTransaction, ALPROTO_WEBSOCKET}; +use crate::core::{STREAM_TOCLIENT, STREAM_TOSERVER}; use crate::detect::uint::{ detect_parse_uint, detect_parse_uint_enum, DetectUintData, DetectUintMode, SCDetectU32Free, SCDetectU32Match, SCDetectU32Parse, SCDetectU8Free, SCDetectU8Match, @@ -293,8 +294,7 @@ pub unsafe extern "C" fn SCDetectWebsocketRegister() { G_WEBSOCKET_OPCODE_BUFFER_ID = DetectHelperBufferRegister( b"websocket.opcode\0".as_ptr() as *const libc::c_char, ALPROTO_WEBSOCKET, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, ); let kw = SCSigTableAppLiteElmt { name: b"websocket.mask\0".as_ptr() as *const libc::c_char, 
@@ -309,8 +309,7 @@ pub unsafe extern "C" fn SCDetectWebsocketRegister() { G_WEBSOCKET_MASK_BUFFER_ID = DetectHelperBufferRegister( b"websocket.mask\0".as_ptr() as *const libc::c_char, ALPROTO_WEBSOCKET, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, ); let kw = SCSigTableAppLiteElmt { name: b"websocket.flags\0".as_ptr() as *const libc::c_char, @@ -325,8 +324,7 @@ pub unsafe extern "C" fn SCDetectWebsocketRegister() { G_WEBSOCKET_FLAGS_BUFFER_ID = DetectHelperBufferRegister( b"websocket.flags\0".as_ptr() as *const libc::c_char, ALPROTO_WEBSOCKET, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, ); let kw = SigTableElmtStickyBuffer { name: String::from("websocket.payload"), @@ -339,8 +337,7 @@ pub unsafe extern "C" fn SCDetectWebsocketRegister() { b"websocket.payload\0".as_ptr() as *const libc::c_char, b"WebSocket payload\0".as_ptr() as *const libc::c_char, ALPROTO_WEBSOCKET, - true, - true, + STREAM_TOSERVER | STREAM_TOCLIENT, websocket_detect_payload_get_data, ); } diff --git a/src/detect-email.c b/src/detect-email.c index c9bb66d7f0..ae07071b27 100644 --- a/src/detect-email.c +++ b/src/detect-email.c @@ -338,10 +338,8 @@ void DetectEmailRegister(void) kw.Setup = DetectMimeEmailFromSetup; kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; DetectHelperKeywordRegister(&kw); - g_mime_email_from_buffer_id = - DetectHelperBufferMpmRegister("email.from", "MIME EMAIL FROM", ALPROTO_SMTP, false, - true, // to server - GetMimeEmailFromData); + g_mime_email_from_buffer_id = DetectHelperBufferMpmRegister( + "email.from", "MIME EMAIL FROM", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailFromData); kw.name = "email.subject"; kw.desc = "'Subject' field from an email"; 
@@ -350,9 +348,7 @@ void DetectEmailRegister(void) kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; DetectHelperKeywordRegister(&kw); g_mime_email_subject_buffer_id = DetectHelperBufferMpmRegister("email.subject", - "MIME EMAIL SUBJECT", ALPROTO_SMTP, false, - true, // to server - GetMimeEmailSubjectData); + "MIME EMAIL SUBJECT", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailSubjectData); kw.name = "email.to"; kw.desc = "'To' field from an email"; @@ -360,10 +356,8 @@ void DetectEmailRegister(void) kw.Setup = DetectMimeEmailToSetup; kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; DetectHelperKeywordRegister(&kw); - g_mime_email_to_buffer_id = - DetectHelperBufferMpmRegister("email.to", "MIME EMAIL TO", ALPROTO_SMTP, false, - true, // to server - GetMimeEmailToData); + g_mime_email_to_buffer_id = DetectHelperBufferMpmRegister( + "email.to", "MIME EMAIL TO", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailToData); kw.name = "email.cc"; kw.desc = "'Cc' field from an email"; @@ -371,10 +365,8 @@ void DetectEmailRegister(void) kw.Setup = DetectMimeEmailCcSetup; kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; DetectHelperKeywordRegister(&kw); - g_mime_email_cc_buffer_id = - DetectHelperBufferMpmRegister("email.cc", "MIME EMAIL CC", ALPROTO_SMTP, false, - true, // to server - GetMimeEmailCcData); + g_mime_email_cc_buffer_id = DetectHelperBufferMpmRegister( + "email.cc", "MIME EMAIL CC", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailCcData); kw.name = "email.date"; kw.desc = "'Date' field from an email"; 
@@ -382,10 +374,8 @@ void DetectEmailRegister(void) kw.Setup = DetectMimeEmailDateSetup; kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; DetectHelperKeywordRegister(&kw); - g_mime_email_date_buffer_id = - DetectHelperBufferMpmRegister("email.date", "MIME EMAIL DATE", ALPROTO_SMTP, false, - true, // to server - GetMimeEmailDateData); + g_mime_email_date_buffer_id = DetectHelperBufferMpmRegister( + "email.date", "MIME EMAIL DATE", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailDateData); kw.name = "email.message_id"; kw.desc = "'Message-Id' field from an email"; @@ -394,9 +384,7 @@ void DetectEmailRegister(void) kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; DetectHelperKeywordRegister(&kw); g_mime_email_message_id_buffer_id = DetectHelperBufferMpmRegister("email.message_id", - "MIME EMAIL Message-Id", ALPROTO_SMTP, false, - true, // to server - GetMimeEmailMessageIdData); + "MIME EMAIL Message-Id", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailMessageIdData); kw.name = "email.x_mailer"; kw.desc = "'X-Mailer' field from an email"; @@ -405,9 +393,7 @@ void DetectEmailRegister(void) kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; DetectHelperKeywordRegister(&kw); g_mime_email_x_mailer_buffer_id = DetectHelperBufferMpmRegister("email.x_mailer", - "MIME EMAIL X-Mailer", ALPROTO_SMTP, false, - true, // to server - GetMimeEmailXMailerData); + "MIME EMAIL X-Mailer", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailXMailerData); kw.name = "email.url"; kw.desc = "'Url' extracted from an email"; diff --git a/src/detect-engine-helper.c b/src/detect-engine-helper.c index 23fa22077d..8634e8ac22 100644 --- a/src/detect-engine-helper.c +++ b/src/detect-engine-helper.c 
@@ -30,13 +30,13 @@
 #include "detect-parse.h"
 #include "detect-engine-content-inspection.h"
 
-int DetectHelperBufferRegister(const char *name, AppProto alproto, bool toclient, bool toserver)
+int DetectHelperBufferRegister(const char *name, AppProto alproto, uint8_t direction)
 {
- if (toserver) {
+ if (direction & STREAM_TOSERVER) {
 DetectAppLayerInspectEngineRegister(
 name, alproto, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL);
 }
- if (toclient) {
+ if (direction & STREAM_TOCLIENT) {
 DetectAppLayerInspectEngineRegister(
 name, alproto, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL);
 }
@@ -62,15 +62,15 @@ InspectionBuffer *DetectHelperGetData(struct DetectEngineThreadCtx_ *det_ctx,
 }
 
 int DetectHelperBufferMpmRegister(const char *name, const char *desc, AppProto alproto,
- bool toclient, bool toserver, InspectionBufferGetDataPtr GetData)
+ uint8_t direction, InspectionBufferGetDataPtr GetData)
 {
- if (toserver) {
+ if (direction & STREAM_TOSERVER) {
 DetectAppLayerInspectEngineRegister(
 name, alproto, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData);
 DetectAppLayerMpmRegister(
 name, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, alproto, 0);
 }
- if (toclient) {
+ if (direction & STREAM_TOCLIENT) {
 DetectAppLayerInspectEngineRegister(
 name, alproto, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectBufferGeneric, GetData);
 DetectAppLayerMpmRegister(
diff --git a/src/detect-engine-helper.h b/src/detect-engine-helper.h
index 547b1f2cf4..6a03b263ef 100644
--- a/src/detect-engine-helper.h
+++ b/src/detect-engine-helper.h
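Review bot: `direction` is only tested for the two expected bits in `DetectHelperBufferRegister`, so a value with neither `STREAM_TOSERVER` nor `STREAM_TOCLIENT` set (0, or another flag passed by mistake) registers no inspect engine and nothing reports it. The old (false, false) pair behaved the same way, but a `uint8_t` accepts many more wrong values, and a buffer with no engine presumably leaves rules on that keyword loading cleanly while never matching. A development-time check at the top of the function, e.g. `DEBUG_VALIDATE_BUG_ON((direction & (STREAM_TOSERVER | STREAM_TOCLIENT)) == 0);` (assuming util-validate.h is usable in this file), would catch it; `DetectHelperBufferMpmRegister` in the next hunk needs the same line. Both function bodies continue outside their hunks, so what they return in that case is not visible here.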
@@ -32,7 +32,7 @@ int SCDetectHelperNewKeywordId(void); int DetectHelperKeywordRegister(const SCSigTableAppLiteElmt *kw); void DetectHelperKeywordAliasRegister(int kwid, const char *alias); -int DetectHelperBufferRegister(const char *name, AppProto alproto, bool toclient, bool toserver); +int DetectHelperBufferRegister(const char *name, AppProto alproto, uint8_t direction); typedef bool (*SimpleGetTxBuffer)(void *, uint8_t, const uint8_t **, uint32_t *); @@ -40,7 +40,7 @@ InspectionBuffer *DetectHelperGetData(struct DetectEngineThreadCtx_ *det_ctx, const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, void *txv, const int list_id, SimpleGetTxBuffer GetBuf); int DetectHelperBufferMpmRegister(const char *name, const char *desc, AppProto alproto, - bool toclient, bool toserver, InspectionBufferGetDataPtr GetData); + uint8_t direction, InspectionBufferGetDataPtr GetData); int DetectHelperMultiBufferMpmRegister(const char *name, const char *desc, AppProto alproto, uint8_t direction, InspectionMultiBufferGetDataPtr GetData); int DetectHelperMultiBufferProgressMpmRegister(const char *name, const char *desc, AppProto alproto, diff --git a/src/detect-ftp-command-data.c b/src/detect-ftp-command-data.c index f940ab5d83..7d84424f47 100644 --- a/src/detect-ftp-command-data.c +++ b/src/detect-ftp-command-data.c @@ -105,7 +105,7 @@ void DetectFtpCommandDataRegister(void) sigmatch_table[DETECT_FTP_COMMAND_DATA].flags |= SIGMATCH_NOOPT; DetectHelperBufferMpmRegister( - BUFFER_NAME, BUFFER_NAME, ALPROTO_FTP, false, true, GetDataWrapper); + BUFFER_NAME, BUFFER_NAME, ALPROTO_FTP, STREAM_TOSERVER, GetDataWrapper); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-smtp.c b/src/detect-smtp.c index 7dadf45ad8..ca85d9aa94 100644 --- a/src/detect-smtp.c +++ b/src/detect-smtp.c 
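Review bot: The new `direction` parameter on the `DetectHelperBufferRegister` prototype and, in the next hunk, on `DetectHelperBufferMpmRegister` is undocumented, and a bare `uint8_t` does not tell a caller which values are valid. I would add a comment above each prototype such as `/* direction: STREAM_TOSERVER, STREAM_TOCLIENT, or both OR'ed together; other bits are ignored */`. That wording matches the implementation in this commit, which tests only those two bits, and it gives the Rust `extern "C"` declarations (which take `dir: u8`) a single place to point to.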
@@ -137,10 +137,8 @@ void SCDetectSMTPRegister(void)
 kw.Setup = DetectSmtpHeloSetup;
 kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
 DetectHelperKeywordRegister(&kw);
- g_smtp_helo_buffer_id =
- DetectHelperBufferMpmRegister("smtp.helo", "SMTP helo", ALPROTO_SMTP, false,
- true, // to server
- GetSmtpHeloData);
+ g_smtp_helo_buffer_id = DetectHelperBufferMpmRegister(
+ "smtp.helo", "SMTP helo", ALPROTO_SMTP, STREAM_TOSERVER, GetSmtpHeloData);
 
 kw.name = "smtp.mail_from";
 kw.desc = "SMTP mail from buffer";
@@ -148,10 +146,8 @@ void SCDetectSMTPRegister(void)
 kw.Setup = DetectSmtpMailFromSetup;
 kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
 DetectHelperKeywordRegister(&kw);
- g_smtp_mail_from_buffer_id =
- DetectHelperBufferMpmRegister("smtp.mail_from", "SMTP MAIL FROM", ALPROTO_SMTP, false,
- true, // to server
- GetSmtpMailFromData);
+ g_smtp_mail_from_buffer_id = DetectHelperBufferMpmRegister(
+ "smtp.mail_from", "SMTP MAIL FROM", ALPROTO_SMTP, STREAM_TOSERVER, GetSmtpMailFromData);
 
 kw.name = "smtp.rcpt_to";
 kw.desc = "SMTP rcpt to buffer";